Account Abstraction 101: Game Changer for Web3 Mainstream Adoption? | by Karim Hadni | Coinmonks

Theoretically, Web3 could give users a much better user experience (UX) than the Internet as it is right now. Instead of having to remember different usernames and passwords for each website or relying on a central service provider, Web3 can authenticate users with a single private key that can be used by any Web3-enabled application. Isn’t this a significant improvement in the user experience?

But have you already used a Balancer flash loan to open a leveraged STETH-ETH position on AAVE? Or have you ever asked your PS5-owning younger sibling to play an on-chain game and sign a transaction every 20 seconds?

The average person may become confused by the various non-compatible authentication “standards”, browser wallets, and concepts such as seed phrase, gas price, reverted transaction, etc.

Following the FTX saga, we also hear more about self-custody. But do you truly believe that self-custody as it stands now, with the threat of ruin if you forget your seed phrase, will enable one to cross the gap to mainstream adoption?

Account Abstraction (AA) comes into play and makes it possible to create the same kind of user experience (UX) that Web2 users are used to while truly owning their data and directly accessing DApps without clearance from centralized intermediaries.

When experts in the field attempt to define the term “account abstraction,” it becomes clear that it is a somewhat… abstract term.

Don’t worry, we’ll get this sorted out.

Here are some insights on how they define it:

“Account Abstraction means every account is a smart contract that can contain logic and implement flows, such as social security for monitoring multi-call and so on. So really every account is a smart contract.”
Julien Niset, Co-founder @argentHQ

“It’s about moving user authentication from the network to the smart contract and letting wallet designers decide how to authenticate their users.”
Henri, Developer Advocate for StarkNet @StarkWareLtd

“This is simply the future of blockchain and what will bring mass adoption. […] For me, account abstraction is the greatest thing that happened to crypto since smart contracts, and I really do believe it.”
Gershon Ballas, Founder @ Ginger Security

For the time being, keep in mind that with account abstraction (AA), each account is a smart contract that implements flows to authenticate users based on the wallet designer’s choices, to create multi-calls, and so on.

What makes this different from what we know and how Ethereum works? Let us first define accounts in the context of Ethereum.

Without diving into esoteric details, bear in mind that the Ethereum blockchain stores the state as a mapping between Ethereum addresses and the state associated with each address.

Ethereum has two types of accounts, both of which are represented by a 20-byte (public) address.

1. Externally Owned Account (EOA)
EOAs are your wallets (such as MetaMask), and anyone with private keys can control them. These are used to hold, send, and receive ETH and other tokens.

2. Contract Account
These are smart contracts that have been deployed to the network and are controlled by code. They interact with other smart contracts on the blockchain.

accounts types on Ethereum

When you click “Confirm” on your MetaMask (EOA) account, your private key is used to create a cryptographic signature for the transaction (using ECDSA on a specific elliptic curve called Secp256k1). Before executing the transaction, Ethereum (or, more accurately, the EVM, which is the Ethereum runtime environment) checks the signature to make sure it is valid.

On Ethereum, your EOA (or wallet), where you hold your tokens, is also the signer. Both concepts are tightly tied together.

What’s the point?

The most important thing to remember is that the EVM uses hard-coded logic to validate and sign transactions. You must use an EOA to start a transaction, and your cryptographic signature is made with ECDSA on SCP256k1.

Account abstraction, on the other hand, has no concept of EOA. There are only smart contracts. Your wallet is also a smart contract. The account and the signer are no longer tied to each other. This means that the logic used to authorize transactions is no longer limited by the way the EVM is made.

To make it more meaningful, imagine being able to sign a transaction using only Face ID on your smartphone rather than MetaMask. This has already been accomplished by using a different signature scheme:

As you can imagine, removing these limitations makes it possible for many different wallet designs. All you have to do is write an account (a smart contract) that holds the custom logic (as long as the custom logic fits the way the virtual machine will process the transactions).

Since AA doesn’t work with the way the EVM is made, you might be wondering how likely it is to be widely used. After all, Ethereum is the most widely used blockchain and the one with the fastest-growing DApp ecosystem.

Well, you’ve probably already encountered or heard about the blockchain’s capacity limitations and the need for “scaling solutions”. Great news for us: Account Abstraction is supported by L2 solutions such as StarkNet and zkSync. Two birds, one stone.

The thread below illustrates, among other things, what an account interface on StarkNet looks like and how transactions are processed on the network:

In this section, we’ll go through some examples to better understand how account abstraction is a game changer for the industry and to cross the chasm to mass adoption.

In the current state of things, if you lose your private key, you lose all your funds.

Let’s take a look at some ideas that are made possible by account abstraction and will make the user experience much better.

Social recovery

Vitalik defines social recovery as his preferred method for securing wallets. The idea behind social recovery is to give you a way to get back into your account if you lose your private key.

Vitalik proposed a system in which you define several addresses that could assist you to regain your account (guardian addresses). These addresses could correspond to your family’s and friends’ accounts. If you lose your signing key, all you have to do is contact your guardians and ask them to sign a specific transaction so that your old signing key is replaced with a new one in the wallet contract.

For example, the custom logic might say that this kind of transaction needs to be signed by the majority of the guardians.

account abstraction Social Recovery system
Social Recovery system suggested by Vitalik

Argent pioneered social recovery in 2018 already. Learn more about their recovery process.

Multisig wallets

This is similar to the idea of a joint account, where a transaction needs to be signed by two or more private keys. This could be used for a family account, a trust account, and so on.

Hardware Signer

Self-custodial wallet Braavos (on StarkNet) keeps working on new ideas made possible by Account Abstraction. It recently added the innovative “Hardware Signer” feature for iOS and Android devices.

By using the secure sub-system on users’ mobile devices and the arbitrary signature verification logic that AA allows (remember, a wallet is also a smart contract), Bravoos wallets can sign transactions using the mobile device security module and then send them to the account contract on the blockchain, which can verify them.

Non-custodial fraud monitoring at the account level

As explained by Julien Niset, co-founder of @argentHQ, AA allows adding a safety net to your wallet in a non-custodial manner.

A second key might be generated by your wallet. This key is handed to your preferred fraud detection service. Every time you make a transaction, the wallet may submit raw call data to the fraud-monitoring provider. It guarantees that the code is genuine and secure.

  • If the transaction is considered genuine and secure, your wallet is automatically allowed to interact with the DApp,
  • If not, as the owner of the master key, you have the authority to go through and ignore any potential warnings or to stop the transaction.

Each fraud monitoring service has its own logic and testing, and you are free to select the service(s) you desire.

Have you already played an on-chain game where you need to click “approve” on MetaMask each time you change the blockchain state?

Well, I have. And clicking “approve” 100 times in a 5-minute round is far from a smooth gaming experience.

Consider a farmer’s game in which you must cultivate fields. The first step is to sow the seeds. After a certain period of time, the plants had grown. You harvest them, store them in the barn, and sell a portion of them at the market for gold. Playing this game on an EVM blockchain would need several signatures: each time a seed is planted, harvested, and so on.

Account abstraction allows customizing the rules for interacting with DApps. Let us now explore batch transactions and session keys.

Batch transactions

In our farmer’s game, the player could undertake several actions (plant, harvest, and sell) and sign them all at once. This is referred to as “batch transactions”.

Session keys

Even better, account abstraction made the concept of “session keys” possible. The session key lets the user play the game for a certain amount of time without having to sign any transactions. Some operations may still require signatures, which can be part of the custom logic. You don’t want your brother to transfer all of your hard-earned gold to his account while you go to the bathroom, for example.

Test the concept yourself by playing Realms (@LootRealms) on StarkNet.

In the same way that transaction batching works, we refer to “transaction carts” or “multi-call” when the logic in place lets you add as many NFTs as you want to the cart and sign a single transaction to buy them all at once, like on a classic e-commerce site.

Check out Aspect (@aspectdotco), an NFT marketplace built on StarkNet that uses this cart concept.

We might also explore UX improvements in DeFi protocols, for example, when opening a new loan. Multi-call makes it possible to sign only one transaction to approve, put up collateral, and borrow, instead of several.

To completely abstract the technology and blockchain, AA provides for simple onboarding of customers by paying gas on their behalf while they retain full control of their accounts.

Even though we are just scratching the surface of what account abstraction can do, use cases that improve user experience and self-custodial security are popping up at an amazing rate.

AA abstracts the technology and makes on-chain experiences so smooth that users don’t even realize they’re on the blockchain, but they still have full control over their assets.

AA could also make it less likely that users will lose access to their accounts if they lose their private keys and make users less vulnerable to bad actors.

It could make Web3 easier to use for a wider range of people and be the key to Web3’s full potential and the start of a new wave of digital transformation.

#Account #Abstraction #Game #Changer #Web3 #Mainstream #Adoption #Karim #Hadni #Coinmonks

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: